Topic created on: February 23, 2020 10:55 CST by alattar.
My name is Ahmed Alattar. First, I want to say it's an honor just to be registering here.
One of my clients got infected with a new build of the Robin Hood ransomware, which was compiled as Robbin WITH double BB. This ransomware was made and compiled last month, so it's fresh and undetectable.
However, we reported our static analysis to total virus and other platforms out there.
I did some dynamic analysis too, and got its master key/keyphrases: robin_A_f00D132 for end-user/servers logins.
Plus, after doing the null attack, I discovered the ransomware has a 15-byte base encryption (unblock chained).
In its ransom note, it says that it uses an RSA 40XX key / AES; however, I think they use smaller keys.
A lot of files are encrypted, on multiple servers; however, they keep asking the client for their Active Directory domain and such.
Now I am trying to make a decryptor for that ransomware, but I am out of luck at the moment because of:
my poor knowledge of IDA and assembly language in general,
and I have a problem with anti-virtualization, so I am trying my best to attend reverse engineering online training.
One of these training platforms, INFOSEC Inst., led me here and other programs I used.
Is it possible to help me with the decryptor?
Or even instruct/teach me?
I don't mind hiring for both requests.